diff options
| author | Michael Brown <mcb30@ipxe.org> | 2023-02-17 16:56:11 +0000 |
|---|---|---|
| committer | Michael Brown <mcb30@ipxe.org> | 2023-02-17 21:29:51 +0000 |
| commit | 9f17d1116d27696ec76c48c5c77df34cba521380 (patch) | |
| tree | 381ddb4988380ab1c5c4c59bb27ab7aea9bfc081 /src/config/defaults | |
| parent | 2733c4763a50b9eb0c206e7430d4d0638451e5e9 (diff) | |
| download | ipxe-9f17d1116d27696ec76c48c5c77df34cba521380.tar.gz | |
[rng] Allow entropy source to be selected at runtime
As noted in commit 3c83843 ("[rng] Check for several functioning RTC
interrupts"), experimentation shows that Hyper-V cannot be trusted to
reliably generate RTC interrupts. (As noted in commit f3ba0fb
("[hyperv] Provide timer based on the 10MHz time reference count
MSR"), Hyper-V appears to suffer from a general problem in reliably
generating any legacy interrupts.) An alternative entropy source is
therefore required for an image that may be used in a Hyper-V Gen1
virtual machine.
The x86 RDRAND instruction provides a suitable alternative entropy
source, but may not be supported by all CPUs. We must therefore allow
for multiple entropy sources to be compiled in, with the single active
entropy source selected only at runtime.
Restructure the internal entropy API to allow a working entropy source
to be detected and chosen at runtime.
Enable the RDRAND entropy source for all x86 builds, since it is
likely to be substantially faster than any other source.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/config/defaults')
| -rw-r--r-- | src/config/defaults/efi.h | 1 | ||||
| -rw-r--r-- | src/config/defaults/linux.h | 4 | ||||
| -rw-r--r-- | src/config/defaults/pcbios.h | 1 |
3 files changed, 6 insertions, 0 deletions
diff --git a/src/config/defaults/efi.h b/src/config/defaults/efi.h index 625ae055c..16c561660 100644 --- a/src/config/defaults/efi.h +++ b/src/config/defaults/efi.h @@ -50,6 +50,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #if defined ( __i386__ ) || defined ( __x86_64__ ) #define IOAPI_X86 #define NAP_EFIX86 +#define ENTROPY_RDRAND #define CPUID_CMD /* x86 CPU feature detection command */ #define UNSAFE_STD /* Avoid setting direction flag */ #endif diff --git a/src/config/defaults/linux.h b/src/config/defaults/linux.h index 5c4106d30..21de2a2e2 100644 --- a/src/config/defaults/linux.h +++ b/src/config/defaults/linux.h @@ -33,4 +33,8 @@ FILE_LICENCE ( GPL2_OR_LATER ); #define SANBOOT_PROTO_FCP #define SANBOOT_PROTO_HTTP +#if defined ( __i386__ ) || defined ( __x86_64__ ) +#define ENTROPY_RDRAND +#endif + #endif /* CONFIG_DEFAULTS_LINUX_H */ diff --git a/src/config/defaults/pcbios.h b/src/config/defaults/pcbios.h index 83835805a..ee342d41b 100644 --- a/src/config/defaults/pcbios.h +++ b/src/config/defaults/pcbios.h @@ -20,6 +20,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #define SMBIOS_PCBIOS #define SANBOOT_PCBIOS #define ENTROPY_RTC +#define ENTROPY_RDRAND #define TIME_RTC #define REBOOT_PCBIOS #define ACPI_RSDP |